An estimated 300,000 computers in more than 150 countries around the world have been infected by a ransomware virus unleashed on May 12 in what has been called the largest cyber-extortion attack in history.
The ransomware called WannaCry encrypted files on infected computers and demanded that users pay money to have their data restored.
While the attack started and was primarily concentrated in Europe, the virus also spread to the U.S. and Asia.
A Department of Homeland Security (DHS) official said that the list of American victims was relatively small, according to a May 15 article on NPR.
Though a spokesperson for Europol, the European Union’s police agency, reported that few people had paid as requested by the ransomware, the attack still had significant consequences as it shut down hospitals and transportation networks and resulted in an estimated $4 billion in losses, according to a CBS News report.
Coming just over a week after a phishing scam spread through fake Google Docs links on May 3, the WannaCry attack proved particularly insidious because it did not behave like traditional malware, CMIT Solutions of Fairfax owner Terry Whearley says.
CMIT Solutions of Fairfax provides information technology solutions to small businesses around Fairfax County, and Whearley has more than 25 years of experience in the IT field.
Normally, ransomware infects computers when users click on a link or email attachment, but WannaCry spread from computer to computer without any action by the user, meaning that if one computer got infected, it could impact an entire network.
“The major way that computers were infected was simply a computer-to-computer connection,” Whearley explained. “If one computer was infected, it would randomly try to find another computer and send it a message, and that message was the means by which the new computer got infected.”
According to Whearley, attempts to recover lost data appear to be unsuccessful in this case, so rather than trying to fix the problem after an attack has already occurred, it is more important for individuals and businesses to take preventative measures to protect their computers.
The most critical form of protection against the WannaCry ransomware is an up-to-date patch, which is a software update aimed at fixing bugs, addressing security vulnerabilities, or providing upgrades.
WannaCry came out of hacking tools released online in files that had been stolen from the National Security Agency (NSA), which reported the theft in April.
The virus targeted a weakness in Microsoft machines, but the company had already noticed the vulnerability and announced on Mar. 14 that it had developed a patch to address it.
However, the scale of the WannaCry attack shows that many people did not heed Microsoft’s advice.
“Many, many computers were infected even though the patch was available to protect those computers,” Whearley said. “That tells you there are many computers out there that are not being regularly updated, so that’s the most critical thing, to make sure patches are applied.”
Both individual consumers and businesses can also buy anti-virus software and other products to provide better security.
Whearley says that CMIT Solutions uses and recommends Malwarebytes Premium, which includes anti-ransomware features.
He also suggests that all businesses look into getting a business-class firewall, such as SonicWall or Cisco. While they are more expensive than what an average consumer might buy, business firewalls are more intelligent and better able to detect threats.
Individuals may not be able to afford an advanced router firewall, but they should still ensure that the one they have is up to date, since firewalls do not send alerts or notifications when an update is available.
“If you check the manual or the webpage for the manufacturer, it will tell you how to get to the firewall, and you should check it every few months just to see if a new update is needed,” Whearley said.
In addition to getting anti-virus protection, people should be wary of the websites they visit and the emails they open. Though the WannaCry ransomware did not spread through links or attachments, those are still the primary methods used by hackers to infect computers.
Whearley says users should not click on any links that they do not understand or open email attachments that they were not expecting.
Finally, individuals and businesses should keep backups of their data on a flash drive, in a cloud-based system, or on another storage device that is disconnected from their main computer network.
“If you have a local hard drive or thumb drive and you leave it plugged in all the time and just keep backing up to it, the problem is it could get encrypted too,” Whearley said. “…So, backups are really critical these days. Anything that you value, have good backups.”